With every email now a target and every piece of data at risk, the need for data protection maturity has never been higher.

According to the new Data Protection Maturity study released today by Lumension®, a global leader in endpoint management and security, IT security departments are responding with better policies, improved technology approaches and financial commitment.

More than 700 IT professionals from around the globe responded to the study, now in its fourth year and released in support of Data Privacy Day.

Recognising the importance of today’ data security threats, 51 per cent of organisations now maintain multiple data protection policies, up 16 per cent from when this question was first asked in 2012.

In 2014, 27 per cent consider their data security policies exhaustive while 18 per cent say their policies are minimal, a decrease of 30 per cent since 2012.

"Organisations are making progress in securing their data and that points to greater appreciation for today’s cyber risk reality," said Chris Merritt, director, solution marketing, Lumension.

"Threats will of course continue to increase in number and severity but it seems IT now has the ear of their leadership and some progress is being made."

Organisations report a continued need to defend against many different types of attacks however – 57 per cent cite malware, 23 per cent say software vulnerability exploitation and 19 per cent say denial of service attacks.

They also struggle with related IT risks. Top on the list this year is accidental data loss by employees, say 40 per cent. Up 10 per cent over last year, this is also the largest increase.

To combat these risks, organisations are also implementing security training. Of those that do, 46 per cent say they offer security training on a formal and ongoing basis and 28 per cent do so on an informal and ad hoc basis.

Both of these figures have increased over last year. However, nine per cent say they offer no security training.

Among the top trends in IT, mobile remains influential and those realities are reflected in the survey results. Just eight per cent maintain an “open access” policy. One-fifth allow access with employee education and 16 per cent limit access to higher-level staff.

One-quarter permit “controlled access,” while more than one-quarter restrict access.

"It’s interesting to note that BYOD access is gradually opening up and becoming less restrictive. It’s difficult to pinpoint why but it’s likely due in part to the tidal wave of millennials who view it as a right, not a privilege, or it could be because of the near universal penetration of phones in society," Merritt said.

Respondents also indicated their organisations are placing improved emphasis on security all the way through to their IT budgets.

Those that assign less than two per cent of their IT budgets to security fell 26 per cent over last year and those that dedicate as much as 10 per cent grew by 34 per cent.

Two-thirds of respondents consider their resource allocation sufficient for data protection policies and best practices.